Framework-Specific Checks

1 min read Application Security

Framework-Specific Checks

For ORM Usage (Hibernate, Entity Framework, SQLAlchemy)

Native queries use parameter binding, not string concatenation
Dynamic query building uses framework's criteria API
Custom SQL in annotations/attributes is parameterized
Lazy loading doesn't introduce injection vulnerabilities

For Direct Database Access

PreparedStatement (Java) or parameterized queries (other languages) used
Parameter indexes match query placeholders
Batch operations use prepared statement batching
Connection strings don't contain user input